Pdf2Excel

1. What information do we collect?

Personal information you disclose to us

In short: We collect the information you provide directly — for example, when you sign up, purchase a subscription, contact support, or upload documents to be processed.

• Account & contact data: name, email address, username, profile details.
• Authentication data: hashed passwords, MFA metadata (if enabled).
• Billing & payment data: billing address and payment instrument details — stored and processed by our payment providers (Stripe, Paddle).
• Uploaded files: PDFs, scanned images, and other documents you submit to Pdf2Excel for OCR and table extraction. These can contain personal data embedded in the content (for example, names, addresses, account numbers) — those contents are processed to deliver the Service.
• Support communications: messages you send to support or sales.

Information automatically collected

In short: We also collect technical and usage information automatically when you use the Services.

• Log and usage data: timestamps, pages and features used, processed job metadata (file sizes, OCR success/failure, processing durations).
• Device & connection data: IP address, browser type, operating system, and language preferences.
• Location data: approximate location derived from IP address; precise geolocation is not collected unless you provide it explicitly.

Sensitive information

We do not intentionally collect sensitive personal information (for example: racial or ethnic origin, health data, sexual orientation). However, uploaded documents may — by their nature — contain sensitive data; you are responsible for ensuring you have the right to upload and process such content. If you believe we have received sensitive data unintentionally, contact us immediately (see Contact).

Payment processing

Payment details are processed by third-party payment processors (e.g., Stripe, Paddle). We do not store full payment card numbers on our servers; these are handled by the payment provider. See the payment provider privacy policies for details.

2. How do we process your information?

In short: We use your information to provide, maintain, and improve Pdf2Excel, to operate accounts and billing, to provide support, and to comply with legal obligations.

• Core service delivery: performing OCR and table extraction on files you upload and returning converted spreadsheets.
• Account management: creating and authenticating accounts, managing subscriptions, and sending transactional messages (invoices, service notices).
• Support & communications: responding to inquiries and providing technical support.
• Security & fraud prevention: protecting accounts and infrastructure from misuse and attacks.
• Improvement & research: analyzing usage patterns and aggregated metrics to improve reliability and quality. When we use content for model improvement or R&D, we will make clear disclosures where required by law and offer controls where applicable.

We only process personal information when we have a valid legal basis to do so (see Legal bases).

3. What legal bases do we rely on to process your personal information?

In short: depending on your jurisdiction and the processing purpose, we rely on consent, contract performance, legitimate interests, and legal obligations.

Examples:

• Contract performance: processing account and uploaded-file data to deliver the OCR service you requested.
• Legal compliance: answering legal requests or obligations (for example, tax or law enforcement requests).
• Legitimate interests: operating and improving the Service, preventing fraud, and securing the platform — balanced against user privacy rights.
• Consent: where required (for example, certain marketing communications or specific data uses), we will ask for and rely on your consent.

4. When and with whom do we share your personal information?

In short: we share data with third-party service providers who help deliver the Service, and in limited legal or business-transfer situations.

Categories of recipients

• Cloud & hosting providers: e.g., Microsoft Azure (hosting, compute), storage providers.
• AI/OCR service providers: third-party or in-house machine learning services that perform OCR or assist table extraction. These providers process uploaded files to run OCR and extraction pipelines.
• Billing & payments: Stripe, Paddle (payment processing).
• Analytics & performance: Google Analytics, Google Tag Manager (usage and product metrics).
• Support & operations: vendors that help operate the service and provide customer support.

Other situations where disclosure may occur

• Legal requests: to comply with laws, court orders, or government requests.
• Business transfers: in connection with a merger, acquisition, or sale of assets, with notice and protections where required by law.
• To protect rights: to enforce our Terms of Service, investigate fraud, or respond to security incidents.

We require service providers to process personal data only to the extent necessary and under contractually required security and confidentiality obligations.

5. Do we use cookies and other tracking technologies?

In short: yes — we and our partners use cookies and similar technologies to provide, secure, and improve the Services, and for analytics and advertising (where applicable).

Google Analytics

We may use Google Analytics to understand product usage. You may opt out of Google Analytics tracking using Google's opt-out tools.

6. Do we offer AI-based products?

In short: yes. Pdf2Excel uses machine learning / AI models to perform OCR, table recognition, and structured-data extraction.

When you submit a document for OCR/table extraction, the file contents are processed by those AI components. We treat any personal information contained in submitted files in accordance with this Privacy Notice. Where we rely on third-party AI services, those providers are contractually required to follow our data protection instructions.

If we ever use uploaded content to train models (beyond immediate processing to provide the service), we will disclose that practice in-product and provide controls where required by law.

7. How long do we keep your information?

In short: we retain personal data only as long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements.

Uploaded files used to perform OCR and extraction are retained only as long as needed to complete processing and to meet contractual or support obligations, unless you choose to keep processed outputs in your account or we are required to retain data longer by law. When we no longer need your personal data, we delete or anonymize it, except where retention is required for legal or legitimate business reasons (for example, fraud prevention or tax records).

8. How do we keep your information safe?

In short: we deploy industry-standard organizational and technical safeguards, such as access controls, encryption in transit, secure storage, and monitoring. We also require third-party providers to maintain appropriate security controls.

However, no method of transmission or storage is completely secure. You acknowledge that transmitting data to our Services is at your own risk. If you believe your account or data has been compromised, contact us immediately (see Contact).

9. Do we collect information from minors?

In short: no. We do not knowingly collect personal data from children under 18. If we become aware we have collected data from a person under 18, we will take steps to delete it. If you believe we have information about a minor, contact us immediately.

10. What are your privacy rights?

In short: depending on where you live, you may have rights such as access, correction, deletion, portability, objection, and restriction of certain processing. To exercise rights, contact us (see Contact).

We will verify requests and respond in accordance with applicable law. Some rights may be limited (for example, where we must retain data for legal reasons).

11. Controls for Do-Not-Track features

Most browsers support a Do-Not-Track (DNT) signal, but there is no universal standard for honoring it. At present, we do not respond to DNT signals. If and when standards change, we will update this policy accordingly.

12. Do United States residents have specific privacy rights?

In short: yes — residents of certain U.S. states (for example California, Virginia, Colorado, Connecticut, Utah, and others) have additional rights under their state privacy laws.

Those rights commonly include the right to know categories of data collected, access to collected personal data, deletion requests, and the right to opt out of targeted advertising or “sale”/“sharing” as defined by state law. To exercise rights, contact us (see Contact).

13. Do other regions have specific privacy rights?

In short: yes. Residents of the European Economic Area (EEA), the UK, Switzerland, Canada, Australia, New Zealand, South Africa and other jurisdictions may have rights under local laws (for example GDPR, UK GDPR, POPIA, Australian Privacy Act, New Zealand Privacy Act).

If you are located in a region with specific data-protection legislation, additional sections of this Notice apply to you. You may contact your local data protection authority if you believe your rights have been violated.

14. Do we make updates to this notice?

In short: yes. We may update this Privacy Policy to reflect changes in our practices or legal requirements. When we make material changes we will update the "Last updated" date and, where required, provide additional notice.

16. How can you review, update, or delete the data we collect from you?

In short: you can make a data subject access request (DSAR) to review, correct, delete, or export your personal information. Submit requests by emailing and include your account email and a description of the request. We will verify your identity before responding and will follow applicable legal requirements and timelines.